aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/bind/bind-9.16.7/CVE-2020-8625.patch
blob: 98b86231391506c4c55f005e5d3857a2d5fc15e8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
From 5b671538216af78a0a7ef7464dc52ab2241ea7db Mon Sep 17 00:00:00 2001
From: Minjae Kim <flowergom@gmail.com>
Date: Tue, 2 Mar 2021 14:03:49 +0000
Subject: [PATCH] BIND Operational Notification: Zone journal (.jnl) file
 incompatibility

Upstream-Status: Backport [https://downloads.isc.org/isc/bind9/9.16.12/patches/CVE-2020-8625.patch]
CVE: CVE-2020-8625
Signed-off-by: Minjae Kim <flowergom@gmail.com>
---
 lib/dns/spnego.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
index 671838c..82fd49a 100644
--- a/lib/dns/spnego.c
+++ b/lib/dns/spnego.c
@@ -846,7 +846,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, size_t *size) {
 		return (ASN1_OVERRUN);
 	}
 
-	data->components = malloc(len * sizeof(*data->components));
+	data->components = malloc((len + 1) * sizeof(*data->components));
 	if (data->components == NULL) {
 		return (ENOMEM);
 	}
-- 
2.17.1